CVE-2025-62516

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-62516
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62516.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62516
Aliases
  • GHSA-43cm-q3mv-2hvj
Published
2025-10-27T19:46:32Z
Modified
2026-04-10T05:33:38.974456Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Landlord Onboarding & Rental Signup Unauthorized Access Vulnerability in TurboTenant Stripe Integration
Details

Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to certain Stripe payment session data. This could potentially expose sensitive business metadata, including landlord dashboard sync details and tenant information. The issue affects the API endpoints handling the property listing activation, subscription metadata, and payment link generation.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/turbo-tenant-internal-property/www.turbotenant.com

Affected ranges

Type
GIT
Repo
https://github.com/turbo-tenant-internal-property/www.turbotenant.com
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
98cf44895a1e8ec61b8a7da56fa6a4d9417a2a45
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62516.json"